2016-10-24 20:42:53 +00:00
|
|
|
# Frequently Asked Questions
|
|
|
|
|
2016-11-29 19:41:37 +00:00
|
|
|
## Why do you use a [different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in OSS projects?
|
2016-10-24 20:42:53 +00:00
|
|
|
|
2016-11-16 17:56:10 +00:00
|
|
|
Security access control is important for the kind of issues that OSS-Fuzz detects.
|
2016-11-19 00:55:22 +00:00
|
|
|
We will reconsider github issue tracker once the
|
|
|
|
[access control feature](https://github.com/isaacs/github/issues/37) is available.
|
2016-10-25 21:40:30 +00:00
|
|
|
|
2016-12-02 22:53:14 +00:00
|
|
|
## Why we require an e-mail associated with a Google account?
|
|
|
|
|
|
|
|
The [issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) uses Google accounts for authentication.
|
|
|
|
Note that any e-mail address [can be associated](https://support.google.com/accounts/answer/176347?hl=en)
|
|
|
|
with a Google account.
|
|
|
|
|
2016-10-25 21:40:30 +00:00
|
|
|
## Why do you use Docker?
|
|
|
|
|
2016-11-29 19:41:37 +00:00
|
|
|
Building fuzzers requires building your project with a fresh Clang compiler and special compiler flags.
|
2016-10-25 21:40:30 +00:00
|
|
|
An easy-to-use Docker image is provided to simplify toolchain distribution. This also limits our exposure
|
2016-11-23 16:31:47 +00:00
|
|
|
to a multitude of Linux varieties and provides a reproducible and secure environment for fuzzer
|
2016-10-25 21:40:30 +00:00
|
|
|
building and execution.
|
2016-12-09 18:48:45 +00:00
|
|
|
|
|
|
|
## What kind of projects are you accepting?
|
|
|
|
|
2016-12-13 22:35:54 +00:00
|
|
|
We are currently in a beta status, and still working out issues in our service. At this point, we
|
2016-12-09 18:48:45 +00:00
|
|
|
can only commit to supporting established projects that have a critical impact on infrastructure and
|
|
|
|
user security. We will consider each request on a case-by-case basis, but some things we keep in mind are:
|
|
|
|
|
2016-12-13 22:35:54 +00:00
|
|
|
- Exposure to remote attacks (e.g. libraries that are used to process untrusted input)
|
2016-12-09 18:48:45 +00:00
|
|
|
- Number of users/other projects depending on this project.
|
|
|
|
|
|
|
|
We hope to relax this requirement in the future though, so keep an eye out even if we are not able
|
|
|
|
to accept your project at this time!
|